The initial attack vector has been email, through spam. These messages are typically fake invoices, job offers and other lures sent to random email addresses. Each email contains a .zip file, and clicking it initiates the WannaCry infection.

The attack then spreads across internal networks using a P2P exploit of SMB (Server Message Block) known as EternalBlue. The files are dropped by a worm that abuses SMB, a network file-sharing protocol. Other aspects of the malware leverage file-less exploitation techniques, and the malware is morphing rapidly in the wild, with over a dozen variants seen thus far.

The file extension used is .wncry, and the malware drops a ransomware notification named @Please_Read_Me@.txt in common file and folder locations.
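A sweep for the two indicators named above, as an added example that is not part of the original notice: it walks a folder tree, counts .wncry files and ransom notes per directory, and ranks directories showing both ahead of those showing only one. The function names, the "confirmed"/"review" labels and the sample folder layout are assumptions made for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".wncry"              # file extension named in the advisory
RANSOM_NOTE = "@please_read_me@.txt"  # note name from the advisory, lowercased

def scan_tree(root):
    """Walk root and return {directory: (wncry_count, note_count)} for hits."""
    hits = {}
    # onerror swallows unreadable directories so one ACL failure does not stop the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        enc = sum(1 for f in files if f.lower().endswith(ENCRYPTED_EXT))
        notes = sum(1 for f in files if f.lower() == RANSOM_NOTE)
        if enc or notes:
            hits[os.path.relpath(dirpath, root)] = (enc, notes)
    return hits

def triage(hits):
    """Rank: note plus .wncry files = 'confirmed'; one indicator alone = 'review'."""
    ranked = []
    for directory, (enc, notes) in hits.items():
        level = "confirmed" if enc and notes else "review"
        ranked.append((level, directory, enc, notes))
    # confirmed first, then by number of .wncry files descending, then by name
    return sorted(ranked, key=lambda r: (r[0] != "confirmed", -r[2], r[1]))

def build_sample_tree():
    """Constructed sample data: empty files that only carry the names, no malware."""
    root = tempfile.mkdtemp(prefix="wncry_demo_")
    layout = {
        "finance": ["q1.xlsx.WNCRY", "q2.xlsx.wncry", "@Please_Read_Me@.txt"],
        "hr": ["@Please_Read_Me@.txt"],
        "clean": ["notes.txt", "report.docx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root

if __name__ == "__main__":
    for level, directory, enc, notes in triage(scan_tree(build_sample_tree())):
        print(f"{level:9} {directory}: {enc} .wncry file(s), {notes} ransom note(s)")
```

Point `scan_tree` at a file share or user profile root instead of the sample tree; matching is case-insensitive, so differently cased names are still caught.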

IT IS IMPERATIVE THAT YOU BE EXTREMELY VIGILANT IN OPENING EMAIL WITH ATTACHMENTS OR SUSPICIOUS LINKS!

The IT team at Quality Eicholtz is working extremely hard to ensure all of our clients' systems are protected against this latest threat. If you are unsure about an email that contains an attachment or suspicious link, please pause and reach out to us for verification.